From owner-freebsd-questions  Tue Oct 17  9:24:48 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from web110.yahoomail.com (web110.mail.yahoo.com [205.180.60.80])
	by hub.freebsd.org (Postfix) with SMTP id E2C7D37B4E5
	for <freebsd-questions@freebsd.org>; Tue, 17 Oct 2000 09:24:41 -0700 (PDT)
Received: (qmail 7771 invoked by uid 60001); 17 Oct 2000 16:24:41 -0000
Message-ID: <20001017162441.7770.qmail@web110.yahoomail.com>
Received: from [209.247.40.201] by web110.yahoomail.com; Tue, 17 Oct 2000 09:24:41 PDT
Date: Tue, 17 Oct 2000 09:24:41 -0700 (PDT)
From: Guolin Cheng <chenggl@yahoo.com>
Subject: Re: Reserved ports too limited for amd (automount) on FreeBSD 4.1
To: Doug Barton <DougB@gorean.org>, freebsd-questions@freebsd.org
Cc: jad@alexa.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Doug Barton,

 Thanks. 

 I already did the step, changed the IPPORT_RESERVED parameter in
/usr/src/sys/netinet/in.h and recompiled it, but the problem is: it aborted
when compiling! I have to use a old kernel.

 I want to know if there is a switch/option that we can set so that amd will
not use reserved ports by default, or if there are other versions of amd that
doesn't use reserved ports by default. Thanks.

 Your know, if we change the range of reserved ports, the R-commands (rsh,
rlogin, rexec..) will run into trouble, because R-daemons can only accept
connection requests using ports between 512 and 1023!!! too terrible! 
 
 Yours sincerely,

 Guolin Cheng


--- Doug Barton <DougB@gorean.org> wrote:
> On Mon, 16 Oct 2000, Guolin Cheng wrote:
> 
> > Matt Heckaman,
> > 
> >  Thanks.
> > 
> >  I changed using sysctl command after FreeBSD 4.1 reboot, the problem is:
> even
> > the parameter is changed ( sysctl -w net.inet.ip.portrange.lowfirst=2023 ),
> the
> > amd still using ports <1024, since the reserved ports already was in use
> from
> > 1023! and now they will be used one by one sequentially!!! :((
> 
> 	Your problem is that by definition the secure port range ends at
> 1023. You _may_ be able to get what you want by changing IPPORT_RESERVED
> in /usr/src/sys/netinet/in.h and rebuilding your world and kernel, but
> it'd be a hack of potentially dangerous proportions. 
> 
> Doug
> -- 
>         "The dead cannot be seduced."
> 		- Kai, "Lexx"
> 
> 	Do YOU Yahoo!?
> 
> 


=====
With Best Regards.

Guolin Cheng
Alexa Internet Company
Presidio of San Francisco, 
San Francisco, CA 94129
(415)561-6900 ext. 6021

__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf!  It's FREE.
http://im.yahoo.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message